
Re: UVM, UBC, and PF criticisms in comp.unix.solaris



> well, I'm a bit confused. _If_ iptables is "the best free firewall out
> there", why didn't the OpenBSD project just clip and incorporate that
> instead of taking the trouble of rewriting one from scratch?

I would assume the fact that its license is no good, and the fact that
it's directly tied to the Linux kernel; it's not like ipf, which was
written to work on more than one OS. I am not a developer, so I really
couldn't say for sure.

> Also, why when you have pf does ipf not working prevent you from
> running OpenBSD? Is that because you (probably) needed to deploy
> before 3.0? What exactly was the problem with ipf? Why was the
> problem with ipf worse than the notorious constant
> instability/security hassle Linux has to offer?
>
> Don't get me wrong, I'm _curious_ and would be glad to get some
> insights.

I would assume the rest of the thread since the email you replied to
helped: the stuff about NAT being broken and the firewall needing to be
flushed for no obvious reason?  Yeah, I dislike the stability issues of
Linux, especially when you end up with this many machines; that's why I
want to move back to OpenBSD. There aren't really a lot of security
issues, though, when all it does is NAT, port redirs, and ssh for us to
change the redirs.  PF in 3.0 wasn't ready either; people do things like
run Windows PPTP servers, so redirecting GRE is kind of a must-have.  We
started on the problem around 2.8, and I was forced to give up on OpenBSD
for the project around 2.9.  I've begun testing with 3.0 and pf
from -current; I think it will solve the Linux issue for me.

> I use both OpenBSD and Linux together, and, at least currently, have
> no problems choosing OpenBSD over Linux most any day for security-related
> and possibly other jobs as well. I do have a hard time believing in
> Linux security, though, and dislike the prospect of investigating
> IPSEC on Linux in the very near future, when OpenBSD has it out of the box.
>

In a perfect world I wouldn't be using Linux anywhere for anything; I
don't like it, but there wasn't really a choice in this case, it was the
only thing that worked.  And try FreeS/WAN for your IPsec needs on Linux;
it seems to work just fine.

Adam